Hello trac users,

I have been asked to check some of the security aspects of using trac on our 
network and am not familiar enough with web programming and the trac source to 
answer all of the questions, so I was hoping someone can help...

Session management:

~ are the session IDs at least 64-bits of random data?

~ does a session timeout and is the period configurable?

~ are the `secure` and `http_only` flags set for cookies?

We use trac via apache & mod_wsgi on a windoze server.  Apache authenticates 
all users against active directory (mod_ldap) for all access (via a site-wide 
<Location /> directive) and the username is then passed to trac via wsgi.  As 
we use https authentication, I have hidden the logout button (as it does 
nothing useful).

Many thanks for any help you can give me,

~ mark c
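Two of the three questions above (session-ID entropy and the `Secure`/`HttpOnly` flags) can be checked from the outside by looking at the `Set-Cookie` headers the server actually emits. The script below is an added example written for this page; it is not code from the poster or from the Trac project, and the two `Set-Cookie` lines in it are constructed samples, not headers captured from a real Trac instance (the cookie names are assumed, not Trac's). The entropy figure it reports is an upper bound derived from the value's length and apparent alphabet, which says nothing about how the server generated the value; a short or non-uniform generator can still fail with a 64-bit figure here.

```python
import math
import re
from typing import Dict, List, Set

# Constructed sample Set-Cookie headers (assumption: not from any real server).
SAMPLE_SET_COOKIE_HEADERS = [
    "session_id=3f9a1c7e2b4d6a08; Path=/; Secure; HttpOnly",
    "form_token=5c1d9e; Path=/",
]


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header into name, value and a set of lower-cased
    attribute names (Secure, HttpOnly, Path, Max-Age, ...)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Set[str] = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def alphabet_size(value: str) -> int:
    """Smallest common alphabet that contains every character of the value."""
    if re.fullmatch(r"[0-9]+", value):
        return 10
    if re.fullmatch(r"[0-9a-f]+", value) or re.fullmatch(r"[0-9A-F]+", value):
        return 16
    if re.fullmatch(r"[0-9A-Za-z]+", value):
        return 62
    if re.fullmatch(r"[0-9A-Za-z+/=_-]+", value):
        return 64
    return max(len(set(value)), 1)


def value_entropy_bits(value: str) -> float:
    """Upper bound on the token's entropy: length times log2(alphabet size).
    This assumes every character is uniform and independent, so it is a
    ceiling on what the generator could have produced, not a measurement."""
    if not value:
        return 0.0
    return len(value) * math.log2(alphabet_size(value))


def audit_cookie(header: str, min_bits: int = 64) -> Dict[str, object]:
    """Report missing hardening flags and a too-short value for one cookie."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings: List[str] = []
    if "secure" not in attrs:
        findings.append("missing Secure (cookie would also be sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly (cookie readable by page scripts)")
    bits = value_entropy_bits(cookie["value"])
    if bits < min_bits:
        findings.append(f"value carries at most {bits:.0f} bits of entropy (< {min_bits})")
    # A cookie without Max-Age/Expires is a browser-session cookie; the server-side
    # session timeout (the third question) cannot be read from the header at all.
    persistent = "max-age" in attrs or "expires" in attrs
    return {
        "name": cookie["name"],
        "entropy_bits": bits,
        "persistent": persistent,
        "findings": findings,
    }


def audit_all(headers: List[str]) -> List[Dict[str, object]]:
    return [audit_cookie(h) for h in headers]


if __name__ == "__main__":
    for result in audit_all(SAMPLE_SET_COOKIE_HEADERS):
        status = "OK" if not result["findings"] else "; ".join(result["findings"])
        print(f"{result['name']}: {result['entropy_bits']:.0f} bits, {status}")
```

To run it against a live deployment, replace the constructed list with the `Set-Cookie` headers from a real response (for example from the browser's network inspector or `curl -I` against the login URL). The timeout question cannot be answered this way: whether and when the server-side session expires is a server configuration matter, so it has to be read from the application's settings rather than inferred from the cookie.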

-- 
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/trac-users?hl=en.